Hey, so this computer belongs to my grandparents and I want to make sure it’s clean from anything… The last computer they owned, when I scanned it last, had close to 10 Trojans and 3 worms. So they’re oblivious to what’s out on the Web. They do online stuff, so I want to ensure they aren’t at risk. I’m running the programs now. The computer is a couple of years old, so it doesn’t run the best… But yeah, if someone could look the logs over, that would be awesome. The thing that worries me is all of the randomly named .dll and .exe files, really. Some look to be related to Chrome. But still.
I’ll post the logs as they come. It’s 10:30PM here so I’m getting tired. MBAM is running right now.
I left the computer overnight to run the scan. It probably finished, but when I hopped on today it had crashed due to the amount of heat inside the case… Running the scan again, in a different mode though. I know this much: something is here that ought not to be…
An OTL scan would be useful.
Okay… They are using it right now, so when they aren’t I’ll run the scan.
Sorry for bad typing, this was posted on an iPad not a keyboard.
Didn’t take as long as I thought it would… OTL Log attached
Doesn’t look too bad actually… What sort of problems are you experiencing?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes\{8061A21E-39FE-478A-B43A-2926C5CCBDFA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^CA&apn_uid=D115C176-0288-4331-B408-CD8FCF5B8DFF&apn_sauid=7EB4F728-E3BD-4D13-B988-779DDF180F1C
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
[2011/02/03 13:32:41 | 000,103,784 | ---- | C] () -- C:\Users\George\GoToAssistDownloadHelper.exe
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Just a ton of .dll files. Slow startup…
Could you give an example of the .dlls and .exes?
Yeah, I’ll list all the ones listed under Favourites: msdia80.dll. And I can’t find any more right now. I’ll look for them though…
OTL has been attached.
Just as a reference, most were randomly named, e.g. dknvuip2incdji3.dll (fake, but still similar to what the name was).
One was Chrome.dll, which I’m assuming is related to Chrome. Is there a way to find all .dll files?
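One way to answer the "find all the .dll files" question from a log rather than by hand: the file entries OTL prints (in the layout of the GoToAssistDownloadHelper.exe line in the fix above, "[date time | size | attrs | C/M] (vendor) -- path") can be parsed and ranked by a few defender-side heuristics: no version-info vendor, a user-writable location, and a random-looking name. This is an added example, not part of the thread and not OTL's own code; the sample lines are constructed (only the dknvuip2incdji3.dll stand-in comes from the poster), and the scoring rules and thresholds are my own assumptions, not anything OTL or the helper does.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in OTL's layout (NOT the poster's actual log). The name
# dknvuip2incdji3.dll is the stand-in the poster gave; the other entries are made up.
SAMPLE_OTL_LINES = r"""
[2011/02/03 13:32:41 | 000,103,784 | ---- | C] () -- C:\Users\George\GoToAssistDownloadHelper.exe
[2012/05/10 09:12:03 | 000,512,000 | ---- | M] () -- C:\Users\George\AppData\Local\Temp\dknvuip2incdji3.dll
[2012/05/10 09:12:03 | 001,024,000 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.dll
[2012/05/11 18:40:22 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdia80.dll
[2012/05/11 18:40:22 | 000,001,024 | ---- | M] () -- C:\Users\George\Desktop\notes.txt
"""

# "[stamp | size | attrs | C/M] (vendor) -- path"; the vendor field is what OTL
# shows from the file's version info and is empty for files that have none.
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*"
    r"(?P<kind>[CM])\]\s*\((?P<vendor>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
EXEC_EXTENSIONS = (".dll", ".exe", ".sys", ".scr")
# Assumed "user-writable" roots; extend to taste.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    stamp: str
    size: int
    vendor: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line):
    """Return an Entry for an OTL file line, or None for anything else."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        stamp=m.group("stamp").strip(),
        size=int(m.group("size").replace(",", "")),
        vendor=m.group("vendor").strip(),
        path=m.group("path"),
    )


def looks_random(stem):
    """Cheap randomness proxy (assumed heuristic): digits wedged between letters,
    or a long letter run with almost no vowels. dknvuip2incdji3 -> True, chrome -> False."""
    s = stem.lower()
    if re.search(r"[a-z]+\d+[a-z]+", s):
        return True
    letters = [c for c in s if c.isalpha()]
    if len(letters) >= 8:
        vowels = sum(c in "aeiou" for c in letters)
        return vowels / len(letters) < 0.3
    return False


def score(entry):
    """Attach human-readable reasons to an executable entry; non-executables get none."""
    name = entry.name.lower()
    if not name.endswith(EXEC_EXTENSIONS):
        return entry
    if not entry.vendor:
        entry.reasons.append("no version-info vendor")
    if entry.path.lower().startswith(USER_WRITABLE_PREFIXES):
        entry.reasons.append("user-writable location")
    if looks_random(name.rsplit(".", 1)[0]):
        entry.reasons.append("random-looking name")
    return entry


def triage_otl(text, min_reasons=2):
    """Parse OTL-style lines and return the entries that collect at least
    min_reasons reasons, most suspicious first."""
    entries = [e for e in map(parse_otl_line, text.splitlines()) if e]
    flagged = [e for e in map(score, entries) if len(e.reasons) >= min_reasons]
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage_otl(SAMPLE_OTL_LINES):
        print(f"{e.path}\n    {', '.join(e.reasons)}")
```

On the constructed sample this flags the Temp-folder dknvuip2incdji3.dll (all three reasons) and the unsigned helper .exe in the user profile (two reasons), while chrome.dll and msdia80.dll, which carry a vendor and live under Program Files or System32, score zero. A hit is a reason to look, not a verdict: a vendor string is trivially forgeable and a legitimate installer can drop an unsigned file in the profile, so a flagged file still needs the usual checks (hash lookup, signature verification, what loads it).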
OK, these are obviously old files, as I can see no reference to them in OTL.
Download and install ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
- Double-click on ComboFix.exe and follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
- Do not “re-run” ComboFix. If you have a problem, reply back for further instructions.
- If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.
Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
How is the computer behaving now?
Seems fine. Before, it would try to boot, but if the fan were to rev up, the computer would fail to boot. I’ll keep an eye out for it though.
I can see no apparent malware as it stands.
Okay. I’ll see if I can see anything suspicious while I’m here.